Why are there no point releases for security-bugs?
The changelog from 5.3.2 to 5.3.3 RCx shows many
security releases which are well known in the meantime
It's VERY bad to schedule them always only with
the normal bugfixes and also on production servers
it can not be recommended to backport them
On 7/10/10 2:32 PM, Reindl Harald wrote:
> Why are there no point releases for security-bugs?
>
> The changelog from 5.3.2 to 5.3.3 RCx shows many
> security releases which are well known in the meantime
>
> It's VERY bad to schedule them always only with
> the normal bugfixes and also on produc
Am 10.07.2010 23:52, schrieb Rasmus Lerdorf:
> On 7/10/10 2:32 PM, Reindl Harald wrote:
>> Why are there no point releases for security-bugs?
>>
>> The changelog from 5.3.2 to 5.3.3 RCx shows many
>> security releases which are well known in the meantime
>>
>> It's VERY bad to schedule them alway
On 7/10/10 3:17 PM, Reindl Harald wrote:
>
> Am 10.07.2010 23:52, schrieb Rasmus Lerdorf:
>> On 7/10/10 2:32 PM, Reindl Harald wrote:
>>> Why are there no point releases for security-bugs?
>>>
>>> The changelog from 5.3.2 to 5.3.3 RCx shows many
>>> security releases which are well known in the me
Am 11.07.2010 00:29, schrieb Rasmus Lerdorf:
> On 7/10/10 3:17 PM, Reindl Harald wrote:
>> What is enough on shared hosting because there are many ways
>> to trigger local exploits. If there is ANY eval-injection
>> in a for the admin unknown script you have a full remote-exploit
>
> Shared hosts
On 7/10/10 3:34 PM, Reindl Harald wrote:
>
> Am 11.07.2010 00:29, schrieb Rasmus Lerdorf:
>> On 7/10/10 3:17 PM, Reindl Harald wrote:
>>> What is enough on shared hosting because there are many ways
>>> to trigger local exploits. If there is ANY eval-injection
>>> in a for the admin unknown script
Am 11.07.2010 00:39, schrieb Rasmus Lerdorf:
> We do fix them, but we don't have the capacity to do point releases for
> every local exploit fix. We simply don't have enough people to do that.
> A shared host who is worried about local exploits needs to take other
> measures because most of the s
On 2010-07-10, at 7:00 PM, Reindl Harald wrote:
> I understand this well
>
Then perhaps you can volunteer to help speed up the release process.
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
On 7/10/10 4:00 PM, Reindl Harald wrote:
> Am 11.07.2010 00:39, schrieb Rasmus Lerdorf:
>
>> We do fix them, but we don't have the capacity to do point releases for
>> every local exploit fix. We simply don't have enough people to do that.
>> A shared host who is worried about local exploits nee